diff --git a/flake.nix b/flake.nix index 329bc9c..345c8e6 100644 --- a/flake.nix +++ b/flake.nix @@ -80,7 +80,7 @@ imports = [ self.nixosModules.common ./hosts/nachtigall - self.pub-solar.lib.linux.unlockZFSOnBoot + self.lib.linux.unlockZFSOnBoot self.nixosModules.home-manager self.nixosModules.linux self.nixosModules.overlays @@ -155,7 +155,7 @@ }; }; - deploy.nodes = self.pub-solar.lib.deploy.mkDeployNodes self.nixosConfigurations { + deploy.nodes = self.lib.deploy.mkDeployNodes self.nixosConfigurations { nachtigall = { sshUser = username; }; diff --git a/hosts/nachtigall/apps/forgejo.nix b/hosts/nachtigall/apps/forgejo.nix index 2535b9d..fd26367 100644 --- a/hosts/nachtigall/apps/forgejo.nix +++ b/hosts/nachtigall/apps/forgejo.nix @@ -103,11 +103,19 @@ GPG_TTY = "$(tty)"; }; - services.restic.backups.forgejo = flake.self.lib.droppieBackup { + services.restic.backups.forgejo = { paths = [ "/var/lib/forgejo" "/tmp/forgejo-backup.sql" ]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + # droppie will be offline if nachtigall misses the timer + Persistent = false; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-droppie".path; + repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; backupPrepareCommand = '' ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d gitea > /tmp/forgejo-backup.sql ''; diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix index 7c7a41d..41963da 100644 --- a/hosts/nachtigall/apps/keycloak.nix +++ b/hosts/nachtigall/apps/keycloak.nix @@ -47,10 +47,18 @@ }; }; - services.restic.backups.keycloak = flake.self.lib.droppieBackup { + services.restic.backups.keycloak = { paths = [ "/tmp/keycloak-backup.sql" ]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + # droppie will be offline if nachtigall misses the timer + Persistent = false; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-droppie".path; + repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; backupPrepareCommand = '' ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql ''; diff --git a/hosts/nachtigall/apps/mailman.nix b/hosts/nachtigall/apps/mailman.nix index 6285c81..1d18da8 100644 --- a/hosts/nachtigall/apps/mailman.nix +++ b/hosts/nachtigall/apps/mailman.nix @@ -80,11 +80,19 @@ # ]) #''; - services.restic.backups.mailman = flake.self.lib.droppieBackup { + services.restic.backups.mailman = { paths = [ "/var/lib/mailman" "/var/lib/mailman-web/mailman-web.db" "/var/lib/postfix/conf/aliases.db" ]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + # droppie will be offline if nachtigall misses the timer + Persistent = false; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-droppie".path; + repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; }; } diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix index fae406d..c55d490 100644 --- a/hosts/nachtigall/apps/mastodon.nix +++ b/hosts/nachtigall/apps/mastodon.nix @@ -1,10 +1,6 @@ +{ config, pkgs, flake, inputs, ... }: + { - config, - pkgs, - flake, - inputs, - ... -}: { age.secrets."mastodon-secret-key-base" = { file = "${flake.self}/secrets/mastodon-secret-key-base.age"; mode = "400"; @@ -98,12 +94,20 @@ }; }; - services.restic.backups.mastodon = flake.self.lib.droppieBackup { + services.restic.backups.mastodon = { paths = [ "/tmp/mastodon-backup.sql" ]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + # droppie will be offline if nachtigall misses the timer + Persistent = false; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-droppie".path; + repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; backupPrepareCommand = '' - ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d gitea > /tmp/mastodon-backup.sql + ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d mastodon > /tmp/mastodon-backup.sql ''; backupCleanupCommand = '' rm /tmp/mastodon-backup.sql diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index 9817a67..f37c44f 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -3,7 +3,8 @@ pkgs, flake, ... -}: { +}: +{ age.secrets."nextcloud-secrets" = { file = "${flake.self}/secrets/nextcloud-secrets.age"; mode = "400"; @@ -130,11 +131,19 @@ database.createLocally = true; }; - services.restic.backups.nextcloud = flake.self.lib.droppieBackup { + services.restic.backups.nextcloud = { paths = [ "/var/lib/nextcloud/data" "/tmp/nextcloud-backup.sql" ]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + # droppie will be offline if nachtigall misses the timer + Persistent = false; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-droppie".path; + repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; backupPrepareCommand = '' ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d nextcloud > /tmp/nextcloud-backup.sql ''; diff --git a/lib/default.nix b/lib/default.nix index b6256f6..e93cf33 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,7 +1,7 @@ { self, lib, inputs, ... }: { # Configuration common to all Linux systems flake = { - pub-solar.lib = let + lib = let callLibs = file: import file {inherit lib;}; in rec { ## Define your own library functions here! @@ -12,8 +12,6 @@ deploy = import ./deploy.nix { inherit inputs lib; }; - droppieBackup = import ./droppie-backup.nix; - linux = { unlockZFSOnBoot = import ./unlock-zfs-on-boot.nix {publicKeys = self.publicKeys.allAdmins;}; }; diff --git a/lib/droppie-backup.nix b/lib/droppie-backup.nix deleted file mode 100644 index be83460..0000000 --- a/lib/droppie-backup.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, ... }: extraOptions: { - timerConfig = { - OnCalendar = "*-*-* 02:00:00 Etc/UTC"; - # droppie will be offline if nachtigall misses the timer - Persistent = false; - }; - initialize = true; - passwordFile = config.age.secrets."restic-repo-droppie".path; - repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; -} // extraOptions